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ABSTRACT 


A user's usage of network resources is controlled, after the user has been authenticated, 
without using any network resources beyond the user's entry point to the network. Packet rules 
may be provisioned to the user's entry point to the network, and the packet rules may be applied 
to each packet received from the user before any network resources beyond the entry point are 
used. These packet rules may be associated with an identity of the user and then provisioned to 
the user's entry point in response to the user being authenticated. Usage of network resources of 
a communications network by a user beyond a network device of the communications network 
that serves as the user's entry point to the communications network is controlled. The port 
_module of the network ievicej^co_nfigure^wiA_one or more packet rules corresponding to an 
identity of the user. A packet is received from a device used by the user at the port module, and, 
before using any of the network resources beyond the network device, the one or more packet 
rules are applied to the received packet. Another embodiment is provided for controlling usage 
of network resources of a communications network by a user. The user has an assigned role with 
respect to the communications network, and the assigned role is associated with one or more 
packet rules, each packet rule including a condition and action to be taken if a packet received at 
a device satisfies the condition. A packet including identification information of the user is 
received from a device of the user at a port module of a network device. The assigned role of the 
user is determined based on the identification information, and the port module is configured 
with the one or more packet rules associated with the assigned role of the user. 
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